tiCrypt is based on a very strong security model: all resources are encrypted using AES-256 with randomly generated keys managed using public-key cryptography.
In essence, each user has a private key that can be used to decrypt the user's copy of the resource encryption key. Due to the strength of the encryption algorithms used, should a user lose or refuse to use their key, the data (files, messages, drives) is impossible to recover.
To allow users to re-gain access to their data in case of key loss or to allow data access for law enforcement in extenuating circumstances, tiCrypt provides a sophisticated key-escrow mechanism that can recover user's private key and thus re-establish access. This document provides details on the guiding principles and the mechanisms governing the tiCrypt key escrow and key recovery.
The following principles guided the design of the key escrow mechanism in tiCrypt:
- Cryptographic mechanisms: To the extent possible, cryptographic methods like encryption and digital signatures should be used instead of access control lists.
- Separation of duties: Any key recovery should involve the collaboration of multiple players; no single person should be able to recover a key. This way, if a user's credentials get compromised, the key recovering mechanism is not.
- Minimize admin power: The role of administrators (system or tiCrypt) should be minimized to protect against backend security breaches. Specifically, the administrators should not be able to recover user keys and, for the most part, play only a minor role in the process.
There are three distinct roles involved in the key escrow mechanism in tiCrypt:
- Escrow Users: are special types of users that can only perform escrow-related activities. The escrow user keys do not allow any tiCrypt user activities.
- Site-key Administrator: determines who the escrow users are and how are they organized into escrow user groups.
- tiCrypt Administrators: apply the signed orders of the site-key administrator, and initiate the escrow key mechanism.
The user key is escrowed using the following mechanism:
- The key escrowing is initiated by tiCrypt administrators (by setting the user state to Escrow On Login)
- The key escrowing happens when the user key is available in a decrypted state (after the user provides the password)
- A random AES-256 encryption key gets generated for each escrow group
- A master AES-256 encryption key is created by the combination of the group keys
- User's private key is encrypted by the master AES-256 key and saved on the tiCrypt backend
- Each group key is cryptographically shared with each escrow user in the group. The encrypted keys are deposited on the tiCrypt backend
Key de-escrowing requires the recovery of each group key and then the reconstruction of the master AES-256 key. The encrypted user key can then be retrieved from the tiCrypt backend and decrypted.
One user from each escrow group needs to participate in key de-escrowing.
If all escrow users in a group are unable or unwilling to participate in key de-escrowing, the private key cannot be recovered.
In the following, we will provide a high-level overview of each of the roles together with the set of activities they can perform. The detailed management associated with these roles is described in subsequent chapters.